File openfortivpn.changes of Package openfortivpn

-------------------------------------------------------------------
Sun Aug 27 16:47:53 UTC 2023 - Martin Hauke <mardnh@gmx.de>

- Compile with support for systemd (sd_notify)

-------------------------------------------------------------------
Mon Jul  3 13:31:07 UTC 2023 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.20.5
  * revert previous fix from 1.20.4, make it optional.
- Update to version 1.20.4
  * fix "Peer refused to agree to his IP address" message.
- Update to version 1.20.3
  * minor change in a warning message.
  * documentation improvement.
  * minor changes in build and test files.
- Update to version 1.20.2
  * fix regression: do attempt to apply duplicate routes, log
    INFO instead of WARN.
  * minor changes in log messages.
- Update patch:
  * harden_openfortivpn@.service.patch

-------------------------------------------------------------------
Mon Feb 27 13:39:27 UTC 2023 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.20.1
  * Bugfix release.
- Update to version 1.20.0
  * Discard invalid empty HDLC frame at end of buffer.
  * Prepend "SVPNCOOKIE=" to the given cookie if missing.

-------------------------------------------------------------------
Wed Oct 12 09:51:16 UTC 2022 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.19.0
  * fix "Peer refused to agree to our IP address" message
  * avoid setting duplicate routes
  * remove obsolete code that reads non-XML config from FortiOS
  * improve warning message when reading options from config file
- Update to version 1.18.0
  * add new options to delegate the authentication to external
    programs
  * minor fixes in documentation

-------------------------------------------------------------------
Sat May  7 14:00:06 UTC 2022 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.17.3
  * fix regression: spurious warning message after reading config

-------------------------------------------------------------------
Thu Mar 31 14:59:12 UTC 2022 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.17.2
  * fix memory leak when reading user input
  * improve calls to getsockopt() and associated debug output
  * allow reading config from process substitution
  * work around CodeQL false positives, improving code at the same
    time
  * change type of systemd.service from simple to notify

-------------------------------------------------------------------
Wed Oct 13 10:41:17 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_openfortivpn@.service.patch

-------------------------------------------------------------------
Thu Sep  9 12:51:01 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.17.1
  * fix regression: enable OpenSSL engines by default
  * fix typos found by codespell
  * fix LGTM alerts

-------------------------------------------------------------------
Fri Jul 16 20:03:25 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.17.0
  * make OpenSSL engines optional
  * document and favor --pinentry over plain text password in
    configuration file
  * fix buffer overflow and other errors in URI escaping for
    --pinentry
  * use different --pinentry hints for different hosts, usernames
    and realms
  * fix memory management errors related to --user-agent option

-------------------------------------------------------------------
Sun Feb 14 15:40:03 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.16.0
  * support for user key pass phrase
  * add a space at the end of the OTP prompt
  * modify memory allocation in the tunnel configuration structure
  * openfortivpn returns the PPP exit status
  * print SSL socket options in log

-------------------------------------------------------------------
Wed Sep  9 18:34:03 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.15.0
  * fix issue sending pin codes
  * add command line option to bind to specific interface
  * use different hints for OTP and 2FA
  * remove password from /proc/#/cmd
  * extend OTP to allow FTM push
  * add preliminary support for host checks
  * don't accept route to the vpn gateway
  * fix byte counter in pppd_write

-------------------------------------------------------------------
Sat May 23 08:34:20 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.14.1
  * fix out of bounds array access

-------------------------------------------------------------------
Tue May 12 18:46:49 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.14.0
  * add git commit id in debug output
  * do not use interface ip for routing on linux
  * avoid extra hop on interface for default route
  * clean up, updates and improvements in the build system
  * increase the inbound HTTP buffer capacity when needed
  * print domain search list to output
  * add systemd service file
  * add systemd notification when stopping
  * allow logging with both smartcard and username
  * fix GCC 9 and clang warnings
  * bump default minimal TLS version from TLSv1.0 to TLSv1.2
  * fix a couple coverity warnings
- Package systemd service file

-------------------------------------------------------------------
Wed Apr  1 05:42:13 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.13.3
  * fix a coverity warning
  * cross-compile: do not check resolvconf on the host system

-------------------------------------------------------------------
Wed Mar 25 18:09:34 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.13.2
  * properly build on FreeBSD, even if ppp is not installed at
    configure time
  * build in the absence of resolvconf

-------------------------------------------------------------------
Tue Mar 24 20:21:17 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.13.0
  * avoid unsupported versions of resolvconf
  * add configure and command line option for resolvconf
  * increase BUFSIZ
  * reinitialize static variables with the --persistent option
  * fix a memory leak in ipv4_add_nameservers_to_resolv_conf

-------------------------------------------------------------------
Thu Feb 27 15:14:15 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.12.0
  * fix CVE-2020-7043: TLS Certificate CommonName NULL Byte
    Vulnerability
  * fix CVE-2020-7042: use of uninitialized memory in
    X509_check_host
  * fix CVE-2020-7041: incorrect use of X509_check_host
    (regarding return value).
  * always hide cleartext password in -vv output
  * add a clear warning about sensitive information in the debug
    output
  * add a hint in debug output when password is read from config
    file
  * fix segfault when connecting with empty password
  * use resolvconf if available to update resolv.conf file
  * replace semicolon by space in dns-suffix string

-------------------------------------------------------------------
Thu Nov 28 19:20:07 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.11.0
  * allow to connect with empty password (and with smartcard
    instead of username)
  * properly handle manipulations of resolv.conf
  * support dns-suffix feature
  * several codacy fixes
  * Add smartcard support with openssl-engine
  * correctly shift masks for cidr notation on MAC
  * one-byte fix to build with lcc compiler
  * pass space character as %20 instead of encoding it as '+'

- Update to version 1.10.0
  * fix openssl 1.1.x compatibility issues
  * Connect to old TLSv1.0 software - override new openssl defaults.
  * suppress cleartext password in debug detail output / add new
    verbosity level
  * increase speed setting for pppd
  * configure.ac: rt_dst: don't run tests when option is passed
  * configure.ac: don't check file path if --with/--disable specified
  * userinput: pass a hint to the pinentry program
  * tunnel: make pppd default to logging to stderr
  * tunnel: pass our stderr to the pppd slave

-------------------------------------------------------------------
Sun Mar 17 11:52:47 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 1.9.0
  * Update of the man page, especially about the dns settings
  * improved configure output: show detected paths for use at runtime
  * Make search string for the otp-prompt configurable
  * Add an option to specify a configurable delay during otp
    authentication
  * Make the options that control usepeerdns more consistent

-------------------------------------------------------------------
Mon Jan  7 08:05:03 UTC 2019 - mardnh@gmx.de

- Update to version 1.8.1
  Bug fix
  * With version 1.8.0 /etc/resolv.conf was not updated anymore in
    some situations. To avoid this regression the change
    "Rationalize DNS options" has been reverted again to restore the
    behavior of versions up to 1.7.1.
  * Correctly use realm together with two factor authentication
  * If no port is specified use standard https port similar as vendor
    client
  * Fix value of Accept-Encoding request header
  * Bugfix in url_encode for non alphanumerical characters
  * HTML URL Encoding with uppercase characters
  * Honor Cipher-list option
  Change in behavior
  * Support longer passwords by allocation of a larger buffer
  * Improved detection of pppd/ppp client during configure stage
- Update to version 1.8.0
  Bug fix
  * Prioritize command line arguments over config file parameters
  Change in behavior
  * When logging traffic also show http traffic (not only tunneled
    traffic)
  * Improve error message in case of login failure
  * Require root privileges for running. They are needed at various
    places. Previously, just a warning was issued, but in later stage
    things have failed.
  * Dynamically allocate routing buffer and therefore allow larger
    routing table.
  * Support systemd notification upon tunnel up
  * Change the way to read passwords such that backspace etc. should
    work as usual
  * Rationalize DNS options: pppd and openfortivpn were updating
    /etc/resolv.conf. Check man page and help output for the
    documentation of the current behavior.

-------------------------------------------------------------------
Mon Jun 18 06:24:41 UTC 2018 - mardnh@gmx.de

- Update to version 1.7.1
  * openfortivpn version 1.7.1
  * remove iswhitespace_like in favor of isspace
  * treat carriage returns as white space (might solve #129) (#334)
  * update README.md for MacOS X (#333)
  * Ooops... Fix --help output.
  * Revert 6772c53
  * Let pppd handle DNS servers
  * Manual page fixes
  * Documentation: we -> openfortivpn
  * Ooops... Partial revert of 30a4e0b
  * Temporarily change recipient of Coverity reports
  * Simplify ofv_append_varr()
  * Use the ARRAY_SIZE macro
  * Automated Coverity analysis with Travis CI
  * Fix pylint warnings
  * Restore configure options removed in ac5c083
  * Shell indentation: avoid mixing tabs and spaces
  * Use PKG_CHECK_MODULES compiler/linker flags
  * Quote shell variables
  * bash -> sh
  * Balance directory tree
  * Build openfortivpn against OpenSSL 1.0.2
  * Refactor Travis CI integration
  * Revert 79f52ef
  * Rework OpenSSL library detection
  * Reworked array of pppd args (#295)
  * Build with missing pthread_mutexattr_setrobust() (#298)

-------------------------------------------------------------------
Mon Apr 23 08:15:04 UTC 2018 - mardnh@gmx.de

- Update to version 1.7.0
  * correctly set up route to vpn gateway (#285)
  * Properly check vsnprintf() return value
  * const correctness for strings
  * socket() requires <sys/socket.h> (#290)
  * HTTP end-of-line marker is CR LF
  * malloc(), realloc() and free() require <stdlib.h>
  * vsnprintf() is defined in <stdio.h>
  * va_start() and va_end() require <stdarg.h> (#287)
  * Improve script to find line length errors
  * If the OTP is specified in the configuration, use it for 2FA
  * fix formatting of man page
  * replace hard-coded virtual ip address in pppd call parameters
    by a rfc3330 test-net address
  * Print proper pppd status messages
  * Linux kernel coding style
  * Ignore strings when calculating line lengths
  * Make sure the Coverity defect is a false positive (#264)
  * Linux kernel coding style
  * Rephrase --half-internet-routes documentation
  * Limit string length to C99 standard
  * Add info about Debian (testing) package to readme
  * Add --pppd-call option. (#270)
  * Explain why Coverity defect is a false positive
  * Linux kernel coding style
  * Use X509_check_host instead of explicit CN match. (#242)
  * Fix usage string for half-internet-routes
  * UINT_MAX is defined in <limits.h>
  * avoid confusion of code branches for different platforms
  * added --persistent option for automatic reconnects (#190)
  * update README.md
  * Bourne shell
  * call aclocal from autogen.sh only if it exists
  * improve autoconf
  * Standard error message for malloc()/realloc()
  * Avoid Valgrind warning
  * C99 initialization instead of memset()
  * Documentation

-------------------------------------------------------------------
Fri Nov 17 21:30:57 UTC 2017 - mardnh@gmx.de

- Update to version 1.6.0
  * Linux kernel coding style
  * Does /usr/sbin/pppd exist?
  * Update README.md (#196)
  * Print message associated to pppd exit status code (#189)
  * preserve existing config during install, this solves #130 (#193)
  * Fix Codacy code style issues
  * Increase max cookie size to 4096
  * Fix Coverity defect
  * Avoid multiple occurrences of a magic number
  * Fix warning from static analysis tool scan-build
  * Update Linux installation instructions
  * dynamic allocation of memory for split route array (#163)

-------------------------------------------------------------------
Wed Oct 18 19:28:19 UTC 2017 - mardnh@gmx.de

- Update to version 1.5.0
  * Add error reporting after execvp in pppd_run
  * Move error reporting from pppd_run to pppd_terminate
  * Fix bug in pppd_run forking code
  * clean up config initialization and error messages during
    parsing options (#167)
  * Merge pull request #162 from mrbaseman/readme
  * update README.md and mention PKG_CONFIG_PATH
  * Merge pull request #158 from mrbaseman/routes
  * Merge branch 'master' into routes
  * Merge pull request #161 from bartlx/realm-in-configfile
  * Added the option of setting authentication realm in the configfile
  * add --half-internet-routes option, update man page
  * ipv4 routes: set default route as 0.0.0.0/1 and 128.0.0.0/1
  * Merge pull request #149 from martinetd/routes
  * Merge branch 'master' into routes
  * build: drop -Werror by default
  * config: allow passing the otp via the config file
  * http: fix possibly returning uninitialized memory to the server
  * build: avoid evaluating $sysconfidir on configure time
  * io: port to OpenSSL 1.1.0
  * build: use pkg-config for detecting and configuring OpenSSL
  * main: use strdup on pppd command line args
  * option parsing: add --set-routes and --set-dns options
  * help message: split define into multiple strings

- Changes from 1.3.1
  * Emit an error if configured against OpenSSL 1.1.0
  * Support multiarch libraries
  * Update install documentation to describe the `--with-openssl` option
  * Instruct travis CI to use autogen.sh
  * Add openssl locations to configure options
  * Fix a few minor typos
  * Fix buffer overrun
  * Merge pull request #136 from Mabin-J/fix-#87
  * ipv4.h: increase 'MAX_SPLIT_ROUTES' 64 to 128 (Issue #87)
  * Merge pull request #135 from Mabin-J/fix-lock-status-in-macos
  * io.c: fix core cause of openfortivpn is locked when spawning pppd has failed.
  * Merge pull request #134 from DimitriPapadopoulos/master
  * Ignore SIGHUP
  * Handle SIGTERM as SIGINT
  * io.c: fix lock status when fail to spawn pppd in macOS.

- Changes from 1.3.0
  * implement ipparam to be passed to pppd
  * Merge pull request #125 from mrbaseman/command-line-arguments
  * minor fixes to documentation, command line argument handling
    (-o was not recognized before), and free all pointers in
    destroy_vpn_config
  * Merge pull request #122 from mrbaseman/get_route_fallback
  * MacOSX version of ipv4_get_route
  * Merge pull request #121 from Mabin-J/fix-readme-macosx-install
  * README.md: modify 'macOS' part in 'Installing' Section
  * fix segment error when adding route for vpn has failed; show
    warning message when adding route table is incomplete; keep
    routing entries strictly separate and do not reuse rt_dev
  * Fix buffer overrun
  * ipv4.h: increase 'MAX_SPLIT_ROUTES' (32 -> 64)
  * Merge pull request #97 from Mabin-J/fix-to-remain-exist-route
  * ipv4: Refactor ipv4_add_*_vpn_route()
  * Load OS trusted certificate stores
  * Merge pull request #95 from mrbaseman/ppp-routes
  * This is a larger rework of the routing code

-------------------------------------------------------------------
Wed Mar 15 20:01:56 UTC 2017 - mardnh@gmx.de

- Update to version 1.3.0
- Fix RPM group
- Remove _service file

-------------------------------------------------------------------
Thu Nov 10 00:00:00 UTC 2016 - singer@nefkom.net

- Initial packaging, branched from Fedora Package

-------------------------------------------------------------------
Mon May 30 00:00:00 UTC 2016 - singer@nefkom.net

- Initial packaging, branched from Fedora Package
